Overview

The code in this folder provides an example for creating a Layer Identity Token using an HttpServlet.

The example endpoint, identity-token, requires the following parameters:

• user_id: The user ID of the user you want to authenticate.
• nonce: The nonce you receive from Layer. See docs for more info.

Response

Upon success, the endpoint will return a JSON object that contains a single key, identity_token.

Example successful response:

{
  "identity_token": "eyJ0eXAiOiJKV1Mi..."
}

Java setup

This code uses the gradle build tool via a gradle wrapper. To initialize your system with required dependencies, run the following command:

./gradlew tasks

Configure your Layer app

You will then need to define the following variables in the com.layer.LayerConfig class:

• LAYER_PROVIDER_ID - Provider ID found in the Layer Dashboard under "Keys"
• LAYER_KEY_ID - ID of the public key generated and stored in the Layer Dashboard under "Keys"
• LAYER_RSA_KEY_PATH - Path to the PK8 version of your RSA key (see below)

Note: You must convert your private key to PKCS8 format so that Java can read it:

openssl pkcs8 -topk8 -nocrypt -outform DER -in layer.pem -out layer.pk8

Running the servlet

To run the servlet locally, enter the following command:

./gradlew appRun

The servlet will now be accessible at http://localhost:8080/identity-token.

Testing the servlet

curl              \
  -D -            \
  -X POST         \
  -d '{"nonce":"test_nonce", "user_id": "test_user_id"}' \
  http://localhost:8080/identity-token

You should see the following response:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/json;charset=UTF8
Transfer-Encoding: chunked
Date: Wed, 12 Aug 2015 03:47:29 GMT

{"identity_token":"...SNIP..."}

Verify the generated token

You should verify the output of the signing request by visiting the Tools section of the Layer Dashboard. Paste the identity_token into the form and click Validate. You should see "Token valid."